Inspired by XKCD: MBR Love Note

I am a huge fan of the webcomic, XKCD, which is a very geeky and amusing comic for those of you who haven’t read it. On Friday, the following comic was posted:

And this of course reminded me of when I first started programming — I started with assembly language in 2000 with an 80286 I got out of the trash. I quickly became interested in low-level system programming, and created a number of MBR-based programs and other random programs in assembly. I haven’t programmed in assembly in a couple years, but this was pretty simple once I started going. ๐

In any case, the comic has inspired me to write a Windows-based program that can write a “love note” to the MBR and display it when the computer starts. And of course, just for fun it shows the “Missing operating system” message as well. Shown is a screenshot:

OBVIOUSLY this can be a very dangerous program, and could very well destroy your computer. In fact, I would assume any antivirus program worth its salt would detect this as a virus (I haven’t formally tested this assumption). So, don’t use it unless you really know what you’re doing. The number of people that would fit that description is around 0.001% of the population of computer programmers.

DONT’S:

Don’t use this program if you do not know how to uninstall this program
manually. For that reason, there is no uninstaller.

Don’t use this on 64-bit machines or ones with EFI — I really have no idea if it will work on those machines, but I seriously doubt it would. If you don’t know what EFI is, don’t use this program.

Don’t use this on machines with GRUB, it will kill your system.

Don’t use this on any system that is important to you or one that you do not own/control, it may kill that system, and you will get in trouble.

Don’t use this program if you cannot pass the following quiz without any
references. Especially don’t use this program if you have no idea how to
decode the answers to the quiz.

Quiz:

What is the difference between an MBR and a boot sector?

What does interrupt 0x19 do?

What offset does the partition table start at in an MBR, and how many bytes is each entry?

What offset is the “signature” of the MBR located at, and what is it?

Quiz Answers (encoded in ROT13)

Obbg frpgbef ner qrsvarq cre cnegvgvba, gurer vf bayl bar (hfrq) ZOE.

Vg vf gur vagreehcg pnyyrq gb obbg sebz n qvfx.

0k1OR, fvkgrra olgrf

Vg vf ybpngrq ng 0k1sr, naq vf 0k55 sbyybjrq ol 0kNN

How it works
You run love.exe in Windows, and it asks you for a message to put on the MBR. After clicking “destroy”, it does it. It will work in XP as administrator. It actually writes the love note to sector 3, the original MBR to sector 2, and a custom MBR to the MBR that displays the note, waits for a key to be pressed, and then loads the original MBR — at which point the computer will continue booting.

I used NASM to compile the MBR code, and Visual Studio 2005 to compile the Windows
installation program. I’ve never coded with MFC before, and this experience has not
motivated me to do it again anytime in the near future.

If you have any questions/comments/bug reports for this, feel free to contact me.

Note: In response to the comment by Criveti Mihai, the binary for the MBR sector actually is in the zip file at src/love/love/mbr.bin .. except if you were to install it via DD, you would need to install a message on sector 3 as well.

Note II: apparently the 4th answer to the quiz was incorrect for the last year or so… heh. Told you it was hard! Anyways, thanks to cm for pointing this out.

This entry was posted
on Sunday, November 11th, 2007 at 3:16 pm and is filed under Funny, Software, xkcd.
You can follow any responses to this entry through the RSS 2.0 feed.
You can skip to the end and leave a response. Pinging is currently not allowed.

60 Responses to “Inspired by XKCD: MBR Love Note”

Assuming one were to install this, and was able to boot at least once afterwards, would using a hex editor to copy the contents of sector 3 to sector 2 constitute an uninstall?
I’m guessing in a DOS environment, FDISK /MBR would undo this, correct me if I’m wrong… what would windows’s FIXMBR program make of this?

one more thing, if this program overwrote a GRUB sector, would it be possible to boot a livecd, chroot, and run grub to fix it?

You could also provide it as an image you can write to disk with dd (dd if=loveletter of=/dev/yourdiskhere). And people who wish to try it on real hardware and not qemu or whatever can simply create a backup copy of their MBR (dd if=/dev/mydisk of=mymbr bs=512 count=1) and restore that. That way, there’s no need to wonder about what your little program does ;-). Without having to mess with other disk sectors…

To the dude with a mac: For the love of all things holy, READ THE INSTRUCTIONS. If you can’t understand the DOs and DONTs, don’t fuck with it. I say this being a very computer literate person, and getting a solid 0/4 on the quiz, so believe the dude when he says that 0.0001% of the COMPUTER PROGRAMMER population is qualified to do this.

As someone noted, your MacBook uses EFI, and you are specifically told NOT to use this on machines with EFI.

I wish I were literate enough to do this, or at least play around. I agree that many people will have problems, very soon, and as the (probably) most computer-literate person in my town, I may become busy soon….

Still, I hope many a n00b try this, so, if nothing more, servers will have a bit of a break.

Also, I am very close to knowing about what needs to be known to work with this, and if I hurry up and learn it, I might be able to charge people for “repairs”…. ๐

I tried the MBR love letter and, since we have the same computer (Dell Latitude, probably D600) I decided to take a picture. Then I decided to shoot a video. Then I decided to write a blog post.
And here’s the blog post: (Including the video)http://gameboygenius.8bitcollective.com/wordpress/?p=89

Unless the program does physical damage to the harddrive, surely any PC technician worthy of the name would pass as fit to use it… no ?

And even if the program is so badly written that it can physically ruin a harddrive (which i doubt, somehow) that is entirely different from having a computer destroyed.

I am not a programmer, but am a PC technician.
I can’t see any reason why this program would be any problem for me if used either on a computer whose harddisk contains nothing i want to keep , which is due a reformat and reinstall of the OS anyway, or a harddisk with an OS in a similar state whose contents i wouldn;t mind pulling off, using a different harddisk.

I’ve backed up harddrives with trashed master boot records before (trashed by linux, in those cases) , you just wheel everything out via another harddrive’s OS…. it’s nothing to break a sweat over, if you know what you’re doing.

Unless,regarding this particular program, there is something I am missing ?
It is quite possible… i scored a whopping zero on the test as it’s all gobbledygook to me.

Astrocat: The program can’t really physically harm the HD or computer. One can simply restore the MBR. Normally the computer should just boot after the message. The point is that if things actually go wrong, and you’re just a “regular user”, you probably won’t be able to fix it. Therefor, I think Dustin did the right thing not even telling that the computer should actually boot correctly on a standard 32-bit Windows not booting from EFI, after installing this problem. (Still don’t try it and blame me if you don’t know how to fix it) But there might be common software, maybe some antivirus woftare or whatnot that installs itself in the MBR and makes the computer unbootable after instaling the letter, and there you have a group of users who are pissed off because they can’t boot their computers.

This is nice thing. Please help me also..
i decided to change the MBR. Before loading the OS i want load the image (my photo), after displaying the photo it must load the OS as its erly does.

## How to change the MBR code,
## How to copy the MBR code of the first sector and write to the other sector. Then how to call this MBR from our changed sector. If any document is there please send me.

But am all too aware I completely lack the skills to fix it should I f*** my PC with it, or to prevent such from happening. Would ask for a compiled version of the floppy-writing ones (I have literally hundreds of the critters in the cupboard), if my only floppy disc drive wasn’t now a very rarely-used USB one.

Looking at this it is fun, and yeah lets just make it a bit more dangerous for new users…. the sudo command was a gem. i cant wait to see that someone ran that. & @ the pc technician you fit into another group not mentioned here… those of us who could recover from F$#*^& over our HDs without a trip to the local comp repair place. but we would have to resort to pulling the information and reinstalling. not actually repairing the system. I have only one question what happens if you run this twice? it seems like it would brick the pc by just writing this twice and removing the origional MBR completly ?

I’m not sure “sudo find / -name *.conf |xargs -i echo Sweet nothings > {}” is going to work, I tried that but only got a file named “{}” with a number of “Sweet nothings” matching the number of .conf files I have on my system.

Can this be prepackaged in such a way that it auto installs by just viewing in a email (via outlook) or website.
I would like to put it in someones PC without going to her house (to avoid letting her know who did it)?

I don’t recall the (complete) answers to 3 and 4, but I did know them some years ago, and know how to look them up and/or otherwise find out when needed…
Considering that I have, though quite a few years ago, written boot record code myself and put it into the MBR successfully, I’m probably in that 0.001% anyway. ๐
I remember having trouble remembering if the fives or the tens came first though, probably because iirc it depended on whether I read byte by byte or as a single (16-bit) word…

Here is an idea.
Create a program for learning the multiplication table.
Start it from the MBR, ask a few 8*6, 7*9, 2*3.
After a wrong answer start again. Boot-up after giving all good answers.
There might be 3, 5 or 10 questions.
Kids will love it… after aproximately 10 years… on their graduate exams… ;-))
Should work on Windows Vista as probably most modern games are designed for.
Do you like the idea?

Well, the bootsector stuff (beyond basic definitions) is above my head, so i had to use Leetkey (a nifty, but mostly useless firefox addon. however, it was rather useful here ๐ ) to decode the answer.